RFC Errata
RFC 6347, "Datagram Transport Layer Security Version 1.2", January 2012
Note: This RFC has been obsoleted by RFC 9147
Note: This RFC has been updated by RFC 7507, RFC 7905, RFC 8996, RFC 9146
Source of RFC: tls (sec)
Errata ID: 4105
Status: Reported
Type: Editorial
Publication Format(s): TEXT
Reported By: Manuel Pégourié-Gonnard
Date Reported: 2014-09-08
Section 4.1.2.1 says:
In DTLS, the receiving implementation MAY simply discard the offending
record and continue with the connection. This change is possible
because DTLS records are not dependent on each other in the way that
TLS records are.
In general, DTLS implementations SHOULD silently discard records with
bad MACs or that are otherwise invalid. They MAY log an error. If a
DTLS implementation chooses to generate an alert when it receives a
message with an invalid MAC, it MUST generate a bad_record_mac alert
with level fatal and terminate its connection state. Note that
because errors do not cause connection termination, DTLS stacks are
more efficient error type oracles than TLS stacks. Thus, it is
especially important that the advice in Section 6.2.3.2 of [TLS12] be
It should say:
See section 4.1.2.7. [And merge the last two sentences above in section 4.1.2.7.]
Notes:
Some text is duplicated between 4.1.2.1 and 4.1.2.7, which may cause confusion or give rise to diverging updates in future revisions of this document.
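The quoted Section 4.1.2.1 text contrasts two receiver behaviours (TLS: fatal bad_record_mac alert; DTLS: silent discard, optional logging) and warns that a DTLS stack, because it keeps the connection open, is a better error-type oracle, hence the pointer to Section 6.2.3.2 of TLS 1.2. The following is an added illustration of that receive path, not code from RFC 6347 or from any DTLS implementation; the record layout, MAC input and all function names are assumptions, and the padding/MAC check shows the "do not stop at bad padding" pattern without claiming true constant-time behaviour.

```python
import hmac
import hashlib
import logging

# Added illustration, not code from RFC 6347 or any DTLS stack. The layout is
# an assumption: a decrypted CBC-style fragment modelled as
# content || MAC (32 bytes) || pad bytes || pad_len.
MAC_LEN = 32
log = logging.getLogger("dtls")

def mac_for(key: bytes, epoch: int, seq: int, content: bytes) -> bytes:
    # Simplified MAC input; a real DTLS MAC also covers type/version/length.
    hdr = epoch.to_bytes(2, "big") + seq.to_bytes(6, "big")
    return hmac.new(key, hdr + content, hashlib.sha256).digest()

def build_fragment(key: bytes, epoch: int, seq: int, content: bytes, pad_len: int = 3) -> bytes:
    """Sender side: a well-formed fragment (used to construct test input)."""
    return content + mac_for(key, epoch, seq, content) + bytes([pad_len]) * (pad_len + 1)

def verify_fragment(key: bytes, epoch: int, seq: int, fragment: bytes):
    """Return the content, or None for *any* invalid fragment.
    Bad padding does not short-circuit: the MAC is still computed, so bad
    padding and bad MAC collapse into one outcome, as TLS 1.2 6.2.3.2 asks."""
    if len(fragment) < MAC_LEN + 1:
        return None
    pad_len = fragment[-1]
    pad_ok = (pad_len + MAC_LEN + 1 <= len(fragment)
              and fragment[-pad_len - 1:-1] == bytes([pad_len]) * pad_len)
    if not pad_ok:      # carry on with a zero-length pad rather than returning early
        pad_len = 0
    body = fragment[:-(pad_len + 1)]
    content, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    mac_ok = hmac.compare_digest(mac_for(key, epoch, seq, content), tag)
    return content if (pad_ok and mac_ok) else None

def handle_record(key: bytes, epoch: int, seq: int, fragment: bytes, datagram: bool):
    """Receiver side for the two behaviours the quoted text contrasts.
    Returns (content, alert). DTLS: the invalid record is dropped and the
    connection continues (logging is optional, no alert is sent).
    TLS: the same failure is a fatal bad_record_mac alert."""
    content = verify_fragment(key, epoch, seq, fragment)
    if content is not None:
        return content, None
    if datagram:
        log.debug("dropping invalid record epoch=%d seq=%d", epoch, seq)  # MAY log
        return None, None
    return None, "bad_record_mac"
```

Every failure (bad padding, wrong MAC, wrong epoch/sequence binding) reaches the same return value, which is the property that limits what a peer can learn from repeatedly sending invalid records to a stack that never terminates.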
